a151fb083106e1134d61d4ebad9ecb59

Sharing

Copy URL Twitter E-mail

General

Target

a151fb083106e1134d61d4ebad9ecb59
Size

16.9MB
MD5

a151fb083106e1134d61d4ebad9ecb59
SHA1

ad6aecd6e3510f8398140f6225d907d53003857a
SHA256

0e51ac73e4c55993473266c1e06b0e8e9ac68ef16df8ee80ae81186ac1cad0d8
SHA512

0bf46db574341262e06eeac2fc499e5fdf22458e39b40a8b6075817459abd458b6d5a9ad1e95d1db62480099381449d85409711b3b8e9a4a9370409643f95687
SSDEEP

393216:5I5qxcm1mW+fvt2e10wjq5uj2j/3JtDl/qdXKAq/VYI/UHiNZCAKFdu9:5I5qmmQWEvwe1o5uW/LDoHiN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a151fb083106e1134d61d4ebad9ecb59

Files

a151fb083106e1134d61d4ebad9ecb59
.exe windows:5 windows x86 arch:x86

ee8fbae95ca9948b9d6918a9bc1cca9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
CreateCompatibleBitmap
GetFontData
CreateFontIndirectW
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExW
GetOutlineTextMetricsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetPaletteEntries
CreatePalette
GdiFlush
SelectClipRgn
CreateCompatibleDC
SelectObject
DeleteDC
CreateDIBSection
CreateBitmap
GetDIBits
PtInRegion
SelectPalette
RealizePalette
GetStockObject
GetObjectW
CreateEllipticRgn
CreateRectRgn
GetRegionData
CombineRgn
OffsetRgn
DeleteObject
GetDeviceCaps

oleaut32

VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString

imm32

ImmSetCompositionFontW
ImmGetContext
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmGetDefaultIMEWnd
ImmSetCompositionWindow

winmm

PlaySoundW

ws2_32

htonl
getsockopt
WSANtohl
WSAAsyncSelect
inet_addr
gethostbyaddr
ntohl
gethostbyname
WSASend
closesocket
select
__WSAFDIsSet
WSASendTo
WSARecv
WSARecvFrom
WSAAccept
listen
bind
WSAConnect
getsockname
getpeername
setsockopt
WSASocketW
WSAIoctl
WSACleanup
WSAStartup
WSAGetLastError
WSAHtons
WSAHtonl
WSANtohs

ole32

StringFromGUID2
CoCreateGuid
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleInitialize
OleUninitialize
ReleaseStgMedium
DoDragDrop
CoTaskMemFree
CoCreateInstance
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoGetMalloc
CoInitialize
CoUninitialize
OleSetClipboard

user32

GetClipboardFormatNameW
LoadIconW
DestroyCaret
SetCaretPos
CreateCaret
HideCaret
TranslateMessage
GetKeyboardLayoutList
RegisterWindowMessageW
GetMenu
GetKeyboardState
SetMenuItemInfoW
MapVirtualKeyW
ToAscii
ToUnicode
GetKeyboardLayout
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetIconInfo
DrawIconEx
CreateCursor
CreateIconIndirect
SetCursorPos
DestroyCursor
GetClassInfoW
LoadImageW
GetSysColorBrush
RegisterClassW
DefWindowProcW
GetWindowRgn
UnregisterClassW
GetCursorPos
ClipCursor
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
GetSysColor
WindowFromPoint
GetParent
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
PeekMessageW
CharNextExA
GetKeyState
GetCaretBlinkTime
FlashWindowEx
MessageBeep
SystemParametersInfoW
GetDesktopWindow
CreateWindowExW
ValidateRgn
GetClientRect
GetWindowPlacement
SetWindowPlacement
GetWindowRect
IsWindowVisible
IsIconic
IsZoomed
SetParent
SetWindowRgn
MoveWindow
InvalidateRect
ShowWindow
GetSystemMetrics
SendMessageW
SetWindowTextW
ScreenToClient
ClientToScreen
DestroyWindow
SetCursor
SetWindowsHookExW
SetCapture
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
SetWindowPos
SetForegroundWindow
ReleaseCapture
UnhookWindowsHookEx
DestroyIcon
CallNextHookEx
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetActiveWindow
GetFocus
SetFocus
SetTimer
GetQueueStatus
KillTimer
DispatchMessageW
GetSystemMenu
EnableMenuItem
IsChild
MsgWaitForMultipleObjectsEx
GetWindowThreadProcessId
PostThreadMessageW
EnumWindows
PostMessageW
TrackPopupMenuEx

advapi32

RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW

kernel32

SetEnvironmentVariableA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
VirtualAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
HeapSize
GetModuleHandleA
SetLastError
InterlockedIncrement
WriteConsoleW
CreateFileA
SetFileAttributesW
GetCurrentDirectoryA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetDriveTypeA
ExitProcess
CreateThread
ExitThread
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
RaiseException
RtlUnwind
FindNextFileW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
GetStdHandle
SetFilePointer
GetExitCodeProcess
TerminateProcess
CreatePipe
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetLogicalDrives
GetFileTime
SetEndOfFile
DeviceIoControl
GetTempPathW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
LoadLibraryA
DeleteFileW
GetFullPathNameW
GetCurrentDirectoryW
WriteFile
SetFilePointerEx
GetFileAttributesExW
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreW
ReleaseSemaphore
GetVersionExW
FormatMessageW
LocalFree
TlsGetValue
GetCurrentProcess
DuplicateHandle
GetThreadPriority
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
GetCurrentThread
TlsAlloc
GetSystemInfo
GetCurrentThreadId
TlsFree
GetLocalTime
GetCommandLineW
MultiByteToWideChar
GetUserDefaultLCID
CompareStringW
WideCharToMultiByte
GetProcAddress
CreateNamedPipeW
ConnectNamedPipe
SetEvent
CreateFileW
WaitNamedPipeW
ReadFile
GetOverlappedResult
DisconnectNamedPipe
ResetEvent
PeekNamedPipe
CreateEventW
GetDriveTypeW
GlobalSize
CreateProcessW
ExpandEnvironmentStringsW
lstrcmpW
LoadLibraryW
IsValidLanguageGroup
IsValidLocale
GetUserDefaultLangID
FindFirstFileW
FindClose
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
SetErrorMode
InterlockedDecrement
GetVolumeInformationW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
GetLocaleInfoA
CopyFileW
GetStringTypeA
GetStringTypeW
CompareStringA
GetModuleHandleW
Sleep
WaitForMultipleObjects
GetDiskFreeSpaceExW
GetLastError
OpenMutexW
CreateMutexW
WaitForSingleObject
CloseHandle
ReleaseMutex
GetCurrentProcessId

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee8fbae95ca9948b9d6918a9bc1cca9d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

oleaut32

imm32

winmm

ws2_32

ole32

user32

advapi32

shell32

kernel32

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 12.1MB - Virtual size: 12.1MB

.data Size: 36KB - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 12.1MB - Virtual size: 12.1MB

.data
Size: 36KB - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 3KB